Effective Date: April 20, 2022
1. INFORMATION COLLECTED BY PRIVY
Privy may collect Personal Data of Privy Users, which are as follows:
Data that Privy request from Users
When the User creates a Privy Account, the User is required to provide Basic Data, including but not limited to Personal Data information consisting of full name, date of birth, User Identity Card (KTP), or other identity cards (including the information contained therein), cell phone numbers, e-mail addresses, and biometric data. To create a Privy Account and use Privy Services, User are required to provide Privy with some information and Personal Data in a true, clear, accurate, and complete manner to Privy. If the User does not provide the Personal Data required at this point or provides statements and guarantees, information, or Personal Data that is untrue, unclear, inaccurate, or incomplete, then Privy has the right to refuse the application for creating a Privy Account for that User and suspend or terminate in part or in full of the Privy Services provided to Users.
Data that Privy collects automatically
When User uses Privy Services, Privy will automatically collect Personal Data such as IP Addresses, login information, geolocation, client browser & version, timestamp of activities, operating system, and User transaction data related to the use of Privy Services.
When the User uses Privy Services, including Privy Services through Third Parties, Users may provide other Personal Data (other than those referred to in points a and b above) to Privy from time to time.
Data that Privy collects from Third Parties
User can create a Privy Account through a Third Party to access or use the services provided by that Third Party. The third-party that provides the Privy Account creation service is the registration authority. The registration authority will then forward the Personal Data information that the User provided at the time of registration to Privy to create a User's Privy Account.
2. USE OF PERSONAL DATA
The Personal Data that the User provides will be used to provide product services from Privy, such as:
- Issue PrivyID, create a Privy Account, and issue, manage and revoke Electronic Certificates issued by Privy.
- Collect, record, and analyze data related to the activity of using the Privy Services.
- Provide information related to the use of the User's Privy Account, such as information on the use of services and information in the form of promotions.
- Repair and improve products and services to Privy Users.
3. PERSONAL DATA SHARED
Privy will openly disclose User’s Personal Data information, including but not limited to Personal Data, which is contained in the Privy Account and/or contained in the Electronic Certificate issued by Privy as necessary in order to fulfill the Privy Service used by the User. Privy does not sell and/or share a User's Personal Data with other parties without the User's consent. Privy guarantees that only User, Third Parties, and/or other parties with which the User consents, can access and/or view the uploaded Electronic Documents or Personal Data contained in the User's Privy Account.
- Other Users, as parties who are in direct contact with Users in connection with User use of the Privy Services;
- Individuals, organizations, entities, or government authorities where Privy has an obligation to comply with law and regulation, in the context of law enforcement processes or taking preventive actions in connection with illegal activities, suspected criminal acts, violations of law, or law and regulation;
- Agents, contractors, or Third Parties who provide services to Privy so that Privy can provide services to its Users in connection with the use of such User's Personal Data. Such agents, contractors, or Third Parties provide services to Privy in the form of verification, authentication, analysis, promotion, fraud detection, payment, or other customer support services. Privy ensures that such agents, contractors, or Third Parties will only use User’s Personal Data as necessary to support Privy Services; and
- Organizations or Legal Entities with which the User is associated and registered with him through the Privy Service.
4. SECURITY OF USER PERSONAL DATA
Privy takes security and storage efforts with great care to protect the confidentiality of User's Personal Data from time to time. Any content uploaded and sent by Users to the Privy Service will be stored securely and sent confidentially using industry standards for securing electronic information. Privy sets high standards for information security, please note that Privy is ISO 27001:2013 certified regarding Information Security Management systems.
The User is responsible for maintaining the confidentiality of the User's Privy Account details, including the User's password and One Time Password (OTP) that Privy may send to the User from time to time to anyone, and must always maintain and be responsible for the security of the device that the User uses to access Privy Service.
5. DATA STORAGE
Privy retains the User's Personal Data for the period required for the purposes of processing the Personal Data. In addition, the storage of the User's Personal Data is carried out in accordance with the provisions of the prevailing law and regulation.
6. USER RIGHTS
The User has the right to access the User's Personal Data stored on the User's Privy Account.
The user has the right to change the User’s Personal Data stored on Privy. Changes, additions, or updates of information and Personal Data in the form of Basic Data can only be made by giving notification to Privy through Privy's contact. Meanwhile, for categories other than Basic Data, this can be done through the Privy Application. Privy reserves the right to request supporting documents and/or verify changes, additions, or updates to such information and Personal Data in accordance with Privy's procedures.
Based on the User’s request, Privy will delete the User's Personal Data from the Privy system. Before the deletion of Personal Data can be processed, the User must fulfill the verification requirements carried out by Privy. Privy has the right to ask for reasons for deleting Personal Data from Users. The request for deletion of Basic Data can only made by giving notification to Privy through Privy's contact. Meanwhile, for categories other than Basic Data, this can be done through the Privy Application. The impact of deleting Basic Data is the closure of the Privy Account.
7. LIMITATION OF LIABILITY
User will release, hold harmless, give compensation, and defend Privy, including any officers, directors, employees, or agents of Privy from and against any and all requests, claims, losses, responsibility, liabilities, costs, damages, and expenses (including but not limited to legal fees and compensation expenses) resulting directly or indirectly from:
- collection, use, maintenance, sharing, or disclosure of data and information carried out on sites or applications owned, managed, and/or operated by Third Parties.
8. APPLICABLE LAW AND DISPUTE RESOLUTION
- One of the parties, either User or Privy ("First Party") is required to provide written notification to the other party ("Second Party") regarding the occurrence of a Dispute ("Dispute Notification"). Disputes must be resolved by deliberation to reach consensus within thirty (30) calendar days from the date of the Dispute Notification (“Deliberative Settlement Period”);
- If the dispute cannot be resolved by deliberation and consensus until the end of the Deliberative Settlement Period, the First Party and the Second Party agree that the Dispute will be referred to and resolved by the Indonesian National Arbitration Board (“BANI”) according to the rules of arbitration procedure at BANI which is located at Wahana Graha Floor 1 and 2, Jl. Mampang Prapatan No. 2 Jakarta 12760, with the following conditions:
- The language used in the arbitration is Bahasa Indonesian;
- The place of arbitration is in Jakarta, Indonesia;
- The First Party and the Second Party will jointly appoint one (1) arbitrator who will be the sole arbitrator to settle the dispute;
- Arbitration costs and legal fees must be borne by the losing party; and
- The arbitration award is final and binding on the First Party and the Second Party.
10. CONTACT AND NOTIFICATIONS
Notice from Privy
Any notification from Privy addressed to User will be announced through the Site and sent via electronic mail (email), short message service (SMS), or push notifications through the Privy Application installed on the User's device registered with Privy.
Notice from User
Any notification from a User addressed to Privy becomes effective when the notification is received by Privy via the electronic mail address (e-mail address) email@example.com and/or through a physical document sent to PT Privy Identity Digital with the address Jl. Kemang Raya No. 34L, 2nd Floor, Bangka Village, Mampang Prapatan District, South Jakarta 12730, Indonesia.